Lexar JumpDrive Password Scheme Cracked

The LexarJumpDriveŽ Secure USB Flash Drive is described as having security as a key feature - thus the name. "The pre-loaded security software means that your information will be subject to password-protected 256-bit AES encryption. Lost or stolen, your data is safe." Buy one of these babies and your data is secure? Think again. Slashdot have something else to say. According to a security advisory here, that claim is total rubbish.

"The password can be observed in memory or read directly from the device, without evidence of tampering." And best of all, the punch line: "[The password] is stored in an XOR encrypted form and can be read directly from the device without any authentication."

IMHO, people should stop bounding words like "secure" about. There is no such thing as "secure" in the computer world, unless its a closed system buried 100 feet underground. And it looks like one of these Lexar devices is far from "secure".